CVSS2: 7.2 High

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |

CVSS3: 7.8 High

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

EPSS: 0.005 Low (percentile 77.0%)

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by
realpath() which can be used to write before the destination buffer leading
to a buffer underflow and potential code execution.
Author | Note |
---|---|
seth-arnold | I wonder where Go, busybox, and similar “do it ourselves” tools fit. I added dietlibc and musl to this page out of an abundance of caution. Someone should investigate. |
sbeattie | introduced a regression in glusterfs geo-rep due to its usage of rsync. See redhat bug for compensating patch for rsync. |
msalvatore | Unlike in glibc, this issue does not cause a buffer underflow in musl. Furthermore, realpath() does not call getcwd() in musl. |
www.openwall.com/lists/oss-security/2018/01/11/5
launchpad.net/bugs/cve/CVE-2018-1000001
lists.samba.org/archive/rsync/2018-February/031478.html
nvd.nist.gov/vuln/detail/CVE-2018-1000001
security-tracker.debian.org/tracker/CVE-2018-1000001
sourceware.org/bugzilla/show_bug.cgi?id=18203
ubuntu.com/security/notices/USN-3534-1
ubuntu.com/security/notices/USN-3536-1
www.cve.org/CVERecord?id=CVE-2018-1000001
www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/